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CLAIMS 

1. A method for giving to at least one user (A, B, 
C) access to a respective home operator (HSPA, HSPB, 

5 HSPC) over a communication network, access being via an 
access network (AN, ASP) and through any of a plurality 
of supported visited networks (VSP1, VSP2, VSP3), 
characterised in that it includes the step of 
forwarding to the user (A, B, C) a list of said 

0 supported visited networks (VSP1, VSP2, VSP3), whereby 
said user (A, B, C) is given the possibility of 
selecting one of said supported visited networks (VSP1, 
VSP2, VSP3) as the path for reaching said respective 
home operator (HSPA, HSPB, HSPC) . 

5 2. The method of claim 1, characterised in that it 
includes the steps of: 

receiving from said user (A, B, C) user 
credentials at said access network (AN, ASP) , 

forwarding said user credentials to an 

0 authentication function at said access network (AN, 
ASP) , 

- retrieving a set of available roaming networks 
(VSP1, VSP2; VSP3) for said user (A, B, C) , thus 
retrieving a list of operators holding a roaming 

5 agreement with said respective home operator (HSPA, 
HSPB, HSPC) of said user (A, B, C) , and 

forwarding said list to said user (A, B, C) . 
3. The method of claim 2, characterised in that it 
includes the steps of : 
3 - receiving from said user (A, B , C) at said 

authentication function an identifier of an operator 
selected from said list, and 

- forwarding to the operator identified by said 
identifier a user's authentication request. 
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4. The method of claim 3, characterised in that it 
includes the step of including the user credentials in 
said user's authentication request. 

5. The method of claim 1, characterised in that it 
5 includes the steps of: 

assigning to said user (A, B, C) a NAI 
identifier, 

- identifying said user (A, B, C) through the realm 
part of said NAI identifier. 
10 6. The method of claim 2, characterised in that 

said steps of receiving and forwarding user credentials 
and retrieving a set of available roaming networks is 
performed only once, when a first authentication 
request is received by said authentication function in 
. 15 respect of a user for which no direct roaming 
agreements exist with said user's respective home 
operator (HSPA, HSPB, HSPC) . 

7. The method of claim 2, characterised in that, 
when said access network (AN, ASP) has a direct roaming 

20 agreement with said user's respective home operator 
(HSPA, HSPB, HSPC), it includes the step of forwarding 
to said user (A, B, C) a list including said user's 
respective home operator only. 

8. The method of claim 2, characterised in that, 
25 when said access network (AN, ASP) has a direct roaming 

agreement with said user's respective home operator 
(HSPA, HSPB, HSPC) , it includes the step of directly 
forwarding the user's authentication request to said 
user's respective home operator (HSPA, HSPB, HSPC). 
30 9. The method of claim 3, characterised in that it 

includes the step of proxying said user's 
authentication request from said operator identified by 
said identifier to said user's respective home operator 
(HSPA, HSPB, HSPC) . 
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10. The method of claim 2, characterised in that it 
includes the step of selecting said authentication 
function as an EAP based function. 

11. The method of claim 1, characterised in that it 
5 includes the step of including in at least one of said 

access network (WISP1, WISP2, WISP3) and said supported 
visited networks (VSP1, VSP2 , VSP3) a Diameter node. 

12. The method of claim 1, characterised in that it 
includes the step of including in at least one of said 

10 access network (WISP1, WISP2, WISP3) and said supported 
visited networks (VSP1, VSF2, VSP3) a proxy/ relay (DRL) 
agent . 

13. The method of claim 1, characterised in that it 
includes the step of including in at least one of said 

15 supported visited networks (VSP1, VSP2 , VSP3) a 
redirect agent (DRD) . 

14. The method of claim 3, characterised in that it 
includes the step of including in at least one of said 
supported visited networks (VSP1, VSP2, VSP3) : 

20 a proxy/relay agent for those authentication 

requests that must be forwarded towards an identified 
operator, and 

- as a redirect agent for those authentication 
requests that have an unknown realm. 

25 15. The method of claim 14, characterised in that 

it includes the steps of: 

redirecting to all said supported visited 
networks (VauS/DRDs) the authentication requests whose 
realm does not correspond to any realm identified at 
30 said access network (AauS/DRL) , and 

- returning from said supported visited networks 
(VauS/DRDs) to said access network (AauS/DRL) redirect 
notifications as well as contact inf ormation to said 
user's respective home operator. 
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16. A communication network arranged for giving to 
at least one user {A / B, C) access to a respective home 
operator (HSPA, HSPB, HSPC) via an access network (AN, 
ASP) and through any of a plurality of supported 
5 visited networks (VSP1, VSP2, VSP3) , characterised in 
that it said access network (AN, ASP) is configured for 
forwarding to the user (A, B, C) a list of said 
supported visited networks (VSP1, VSP2, VSP3) , whereby 
said user (A, B, C) is given the possibility of 
10 selecting one of said supported visited networks (VSP1, 
VSP2, VSP3) as the path for reaching said respective 
home operator (HSPA, HSPB, HSPC) . 

17. The network of claim 16, characterised in that: 

- said access network (AN, ASP) and an associated 
15 authentication server, said access network (AN, ASP) 
being configured for receiving user credentials from 
said user (A, B, C) and forwarding said user 
credentials to said authentication server, 

said authentication server is configured for 
20 retrieving a set of available roaming networks (VSP1, 
VSP2; VSP3) for said user (A, B, C) , thus retrieving a 
list of operators holding a roaming agreement with said 
respective home operator (HSPA, HSPB, HSPC) of said 
user (A, B, C) , and forwarding said list to said user 
25 (A, B, C) . 

18. The network of claim 17, characterised in that 
said authentication server is configured for receiving 
from said user (A, B, C) an identifier of an operator 
selected from said list, and forwarding to the operator 

30 identified by said identifier a user's authentication 
request . 

19. The network of claim 18, characterised in that 
said authentication server is configured for including 
the user credentials in said user's authentication 

35 request . 
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20. The network of claim 16, characterised in that, _ 

w 

said user (A, B, C) being identified by a NAI Jj"j 
identifier, said access network (AN, ASP) is configured ^ 
for identifying said user (A, B, C) through the realm ^ 
part of said NAI identifier. < 



21. The network of claim 17, characterised in that 
said authentication server is configured for receiving 
and forwarding user credentials and retrieving a set of 
available roaming networks only 'once, when a first 
10 authentication request is received by said 
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authentication server in respect of a user for which no ""O 
direct roaming agreements exist with said user's 
respective home operator (HSPA, HSPB, HSPC) . 

22. The network of claim 17, characterised in that 
15 said access network (AN, ASP) has a direct roaming 

agreement with said user 7 s respective home operator 
(HSPA, HSPB, HSPC) , and said access network (AN, ASP) 
is configured for forwarding to said user (A, B, C) a 
list including said user's respective home operator 
20 only. 

23. The network of claim 17, characterised in that 
said access network (AN, ASP) has a direct roaming 
agreement with said user' s respective home operator 
(HSPA, HSPB, HSPC) , and said access network (AN, ASP) 

25 is configured for directly forwarding the user's 
authentication request to said user's respective home 
operator (HSPA, HSPB, HSPC) . 

24. The network of claim 18, characterised in that 
aid supported visited networks (VSP1, VSP2 , VSP3) are 

30 configured for proxying said user's authentication 
request from said operator identified by said 
identifier to said user's respective home operator 
(HSPA, HSPB, HSPC) . 

25. The network of claim 17, characterised in that 

35 said authentication server is an EAP based server. 
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26. The network of claim 16, characterised in that 
at least one of said access network (WISP1, WISP2, 
WISP3) and said supported visited networks (VSP1, VSP2 , 
VSP3)is configured as a Diameter node. 
5 27. The network of claim 16, characterised in that 

at least one of said access network (WISP1, WISP2, 
WISP3) and said supported visited networks (VSP1, VSP2, 
VSP3) includes a proxy/relay (DRL») agent. 

28. The network of claim 16, characterised in that 
10 at least one of said supported visited networks (VSP1, 

VSP2, VSP3) includes a redirect agent (DRD) . 

29. The network of claim 18, characterised in that 
at least one of said supported visited networks (VSP1, 
VSP2 , VSP3 ) includes : 

15 . a proxy/relay agent for those authentication 

requests that must be forwarded towards an identified 
operator, and 

- as a redirect agent for those authentication 
requests that have an unknown realm. 
20 30. The network of claim 29, characterised in that 

said access network (WISP1, WISP2, WISP3) is configured 
for redirecting to all said supported visited networks 
(VauS/DRDs) the authentication requests whose realm 
does not correspond to any realm identified at said 
25 access network (AauS/DRL) , and in that said supported 
visited networks (VauS/DRDs) are configured for 
returning to said access network (AauS/DRL) redirect 
notifications as well as contact information to said 
user's respective home operator. 
30 31. The network of claim 16, in the form of an IP 

network 

32. A computer program product loadable in the 
memory of at least one computer and including software 
code portions for performing the steps of any of claims 
35 1 to 15. 



